New GKE cluster through IaC
Learn how to create a new cluster on Google Kubernetes Engine (GKE) through Infrastructure as Code (IaC).
This process combines the GitLab Terraform and Google Terraform providers with Kubernetes to help you create GKE clusters and deploy them through GitLab.
This document describes how to set up a group-level cluster on GKE by importing an example project to get you started. You can then modify the project files according to your needs.
Prerequisites:
- A GitLab group.
- A GitLab user with the Maintainer role in the group.
- A GitLab personal access token with
api
access, created by a user with at least the Maintainer role in the group. - A Google Cloud Platform (GCP) service account.
Steps:
- Import the example project.
- Add your GCP credentials to GitLab.
- Configure your project.
- Deploy your cluster.
Import the example project
Start by importing the example project by URL. Use https://gitlab.com/gitlab-org/configure/examples/gitlab-terraform-gke.git
as URL.
Add your GCP credentials to GitLab
After importing the project, you need to set up CI environment variables to associate your cluster on GCP to your group in GitLab.
We advise that you set environment variables through the GitLab UI so that your credentials are not exposed through the code. To do so, follow the steps below.
Prepare your credentials on GCP
-
Create a GCP service account to authenticate GCP with GitLab. It needs the following roles:
Computer Network Viewer
,Kubernetes Engine Admin
, andService Account User
. -
Download the JSON file with the service account key.
-
On your computer, encode the JSON file to
base64
(replace/path/to/sa-key.json
to the path to your key):base64 /path/to/sa-key.json | tr -d \\n
-
Use the output of this command as the
BASE64_GOOGLE_CREDENTIALS
environment variable in the next step.
Add your credentials to GitLab as environment variables
- On GitLab, from your project's sidebar, go to Settings > CI/CD and expand Variables.
- Add your
GITLAB_TOKEN
(personal access token). - Add the variable
BASE64_GOOGLE_CREDENTIALS
from the previous step.
Configure your project
After authenticating with GCP, replace the project's defaults from the example project with your own. To do so, edit the files as described below.
Edit gke.tf
:
-
(Required) Replace the GCP
project
with a unique project name. -
(Optional) Choose the
name
of your cluster. -
(Optional) Choose the
region
andzone
that you would like to deploy your cluster to. - Push the changes to your project's default branch.
Edit group_cluster.tf
:
-
(Required): Replace the
full_path
with the path to your group. -
(Optional): Choose your cluster base domain through
domain
. -
(Optional): Choose your environment through
environment_scope
. - Push the changes to your project's default branch.
Refer to the GitLab Terraform provider and the Google Terraform provider documentation for further resource options.
Deploy your cluster
After adjusting the files in the previous step, manually trigger the deployment of your cluster. In GitLab:
- From your project's sidebar, go to CI/CD > Pipelines.
- Select the dropdown icon ({angle-down}) next to the play icon ({play}).
- Select deploy to manually trigger the deployment job.
When the pipeline finishes successfully, you can see your new cluster:
- In GCP: on your GCP console's Kubernetes list.
- In GitLab: from your project's sidebar, select Infrastructure > Kubernetes clusters.